Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func ClientForMetadataTokenRequestEmptyAud
func ClientForMetadataTokenRequestEmptyAud(restConfig *rest.Config) manager.ClientForMetadataFunc
ClientForMetadataTokenRequestEmptyAud returns a manager.ClientForMetadataFunc that returns a cert-manager rest client whose authentication is built from the empty audience ("") token request passed in the metadata VolumeContext. The resulting cert-manager client authenticates to the Kubernetes API server as the mounting Pod's ServiceAccount.
Intended to be used as a manager ClientForMetadata so that created CertificateRequests carry the UserInfo fields of the mounting Pod's ServiceAccount.
Drivers using this function must have the empty audience tokenRequest defined on the CSIDriver manifest definition, and must set requiresRepublish to true:
    tokenRequests:
      - audience: ""
        expirationSeconds: 3600
    requiresRepublish: true
restConfig must contain the Kubernetes API server Host, and a valid TLSClientConfig.
func EmptyAudienceTokenFromMetadata
EmptyAudienceTokenFromMetadata returns the empty audience service account token from the volume attributes contained within the metadata. This token should be present under the token request key `csi.storage.k8s.io/serviceAccount.tokens` of the metadata VolumeContext. This function only returns a token if the CSI driver has been defined with tokenRequests enabled for an empty ("") audience.
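The lookup described above can be sketched with the standard library alone. This is an added example, not csi-lib's own code: `emptyAudienceToken`, `tokenEntry` and the sample VolumeContext are hypothetical, the JSON layout (audience mapped to `token` and `expirationTimestamp`) is the one Kubernetes documents for this key, and the expiry check is an extra assumption of the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// tokensKey is the VolumeContext key named in the documentation above.
const tokensKey = "csi.storage.k8s.io/serviceAccount.tokens"

// tokenEntry mirrors one per-audience entry of the JSON stored under tokensKey.
type tokenEntry struct {
	Token               string    `json:"token"`
	ExpirationTimestamp time.Time `json:"expirationTimestamp"`
}

// emptyAudienceToken (hypothetical helper, not csi-lib's) returns the "" audience token.
func emptyAudienceToken(volumeContext map[string]string, now time.Time) (string, error) {
	raw, ok := volumeContext[tokensKey]
	if !ok {
		// Key absent: the CSIDriver manifest has no tokenRequests defined.
		return "", errors.New(tokensKey + " missing from VolumeContext")
	}
	tokens := map[string]tokenEntry{}
	if err := json.Unmarshal([]byte(raw), &tokens); err != nil {
		return "", fmt.Errorf("parsing %s: %w", tokensKey, err)
	}
	entry, ok := tokens[""]
	if !ok || entry.Token == "" {
		// Tokens for other audiences are present, but not the empty one.
		return "", errors.New(`no token for the empty ("") audience`)
	}
	// Assumption of this example: refuse a token that is already expired
	// (a missing timestamp decodes to the zero time and is also refused).
	if !entry.ExpirationTimestamp.After(now) {
		return "", errors.New("empty audience token has expired")
	}
	return entry.Token, nil
}

func main() {
	// Constructed sample VolumeContext; the token value is a placeholder, not a real JWT.
	vc := map[string]string{tokensKey: `{"":{"token":"PLACEHOLDER.TOKEN","expirationTimestamp":"2030-01-01T00:00:00Z"}}`}
	tok, err := emptyAudienceToken(vc, time.Date(2029, 1, 1, 0, 0, 0, 0, time.UTC))
	fmt.Println(tok, err)
}
```

Because the token expires after expirationSeconds, requiresRepublish: true is what lets the driver receive a fresh token on each republish rather than reusing a stale one.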
Types
This section is empty.